author | Christian Eggers <ceggers@arri.de> | 2022-01-31 14:42:21 +0100 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2022-02-21 19:12:27 +0100 |
commit | b26c9723d96d549092e66d56588ad4047da18900 (patch) | |
tree | 205cc43876d537c7b2c08eccb11d91faf8e5a132 | |
parent | 5b4ce608d4db331cad0a891976a0bbce975e61f0 (diff) |
libnm-crypto: add new option for no cryptography
For some embedded systems, no cryptography is required at all (e.g. when
only using Ethernet).
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1108
-rw-r--r-- | Makefile.am | 18 | ||||
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | configure.ac | 6 | ||||
-rw-r--r-- | meson.build | 5 | ||||
-rw-r--r-- | meson_options.txt | 2 | ||||
-rw-r--r-- | po/POTFILES.in | 1 | ||||
-rw-r--r-- | src/libnm-core-impl/meson.build | 14 | ||||
-rw-r--r-- | src/libnm-core-impl/nm-crypto-null.c | 104 |
8 files changed, 144 insertions, 7 deletions
diff --git a/Makefile.am b/Makefile.am index ab06c6db6e..af6743ec82 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1471,6 +1471,24 @@ src_libnm_core_impl_libnm_crypto_nss_la_LIBADD = \ $(NSS_LIBS) endif +if !WITH_GNUTLS +if !WITH_NSS +libnm_crypto_lib = src/libnm-core-impl/libnm-crypto-null.la +else +check_ltlibraries += src/libnm-core-impl/libnm-crypto-null.la +endif +else +check_ltlibraries += src/libnm-core-impl/libnm-crypto-null.la +endif + +src_libnm_core_impl_libnm_crypto_null_la_SOURCES = src/libnm-core-impl/nm-crypto-null.c +src_libnm_core_impl_libnm_crypto_null_la_CPPFLAGS = \ + $(src_libnm_core_impl_libnm_core_impl_la_CPPFLAGS) +src_libnm_core_impl_libnm_crypto_null_la_LDFLAGS = \ + $(src_libnm_core_impl_libnm_core_impl_la_LDFLAGS) +src_libnm_core_impl_libnm_crypto_null_la_LIBADD = \ + $(GLIB_LIBS) + noinst_LTLIBRARIES += $(libnm_crypto_lib) ############################################################################### @@ -10,6 +10,7 @@ USE AT YOUR OWN RISK. NOT RECOMMENDED FOR PRODUCTION USE! * Wi-Fi hotspots will use a (stable) random channel number unless one is chosen manually. +* libnm: add new dummy crypto backend "null" that does nothing. ============================================= NetworkManager-1.36 diff --git a/configure.ac b/configure.ac index 6146693c60..20f6502aaa 100644 --- a/configure.ac +++ b/configure.ac @@ -716,7 +716,7 @@ AM_CONDITIONAL(HAVE_CRYPTO_GNUTLS, test "${have_crypto_gnutls}" = 'yes') AM_CONDITIONAL(HAVE_CRYPTO_NSS, test "${have_crypto_nss}" = 'yes') AC_ARG_WITH(crypto, - AS_HELP_STRING([--with-crypto=nss|gnutls], + AS_HELP_STRING([--with-crypto=nss|gnutls|null], [Cryptography library to use for certificate and key operations]), with_crypto=$withval, with_crypto=nss) 
@@ -728,8 +728,10 @@ elif test "$with_crypto" = 'gnutls'; then if test "${have_crypto_gnutls}" != "yes"; then AC_MSG_ERROR([No usable gnutls found for --with-crypto=gnutls]) fi +elif test "$with_crypto" = 'null'; then + : else - AC_MSG_ERROR([Please choose either 'nss' or 'gnutls' for certificate and crypto operations]) + AC_MSG_ERROR([Please choose either 'nss', 'gnutls' or 'null' for certificate and crypto operations]) fi AM_CONDITIONAL(WITH_NSS, test "$with_crypto" = 'nss') AM_CONDITIONAL(WITH_GNUTLS, test "$with_crypto" = 'gnutls') diff --git a/meson.build b/meson.build index 2020a5a990..853afb7306 100644 --- a/meson.build +++ b/meson.build @@ -551,10 +551,11 @@ crypto = get_option('crypto') if crypto == 'nss' assert(crypto_nss_dep.found(), 'Requires nss crypto support') crypto_dep = crypto_nss_dep -else - assert(crypto == 'gnutls', 'Unexpected setting "crypto=' + crypto + '"') +elif crypto == 'gnutls' assert(crypto_gnutls_dep.found(), 'Requires gnutls crypto support') crypto_dep = crypto_gnutls_dep +else + assert(crypto == 'null', 'Unexpected setting "crypto=' + crypto + '"') endif dbus_conf_dir = get_option('dbus_conf_dir') diff --git a/meson_options.txt b/meson_options.txt index cfebe44619..42f84711d0 100644 --- a/meson_options.txt +++ b/meson_options.txt 
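Review bot: The new `elif test "$with_crypto" = 'null'; then :` branch accepts the option silently, so a build that has lost certificate and key handling looks the same in the configure output as one with a real backend. Replacing the `:` with `AC_MSG_WARN([building without cryptography: certificate and key operations will always fail])` would make the choice visible in build logs. The `AS_HELP_STRING` text in the earlier configure.ac hunk and the `description:` of the `crypto` option in meson_options.txt still say only "Cryptography library to use for certificate and key operations" and do not explain what `null` means; a short "'null' disables them" would help. The surrounding `if`/`elif` chain starts outside the hunk.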
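Review bot: In the new `else` branch for `crypto == 'null'` in meson.build, `crypto_dep` is never assigned, while the `nss` and `gnutls` branches both set it. If anything outside this hunk still reads `crypto_dep`, a `-Dcrypto=null` configure would stop on an unknown variable; assigning an empty dependency, `crypto_dep = dependency('', required: false)`, keeps the three branches parallel. A `warning('building without cryptography')` in the same branch would also make the choice visible at configure time.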
@@ -71,6 +71,6 @@ option('valgrind', type: 'array', value: ['no'], description: 'Use valgrind to m option('valgrind_suppressions', type: 'string', value: '', description: 'Use specific valgrind suppression file') option('ld_gc', type: 'boolean', value: true, description: 'Enable garbage collection of unused symbols on linking') option('libpsl', type: 'boolean', value: true, description: 'Link against libpsl') -option('crypto', type: 'combo', choices: ['nss', 'gnutls'], value: 'nss', description: 'Cryptography library to use for certificate and key operations') +option('crypto', type: 'combo', choices: ['nss', 'gnutls', 'null'], value: 'nss', description: 'Cryptography library to use for certificate and key operations') option('qt', type: 'boolean', value: true, description: 'enable Qt examples') option('readline', type: 'combo', choices: ['auto', 'libreadline', 'libedit', 'none'], description: 'Using readline (auto) or libedit)') diff --git a/po/POTFILES.in b/po/POTFILES.in index 76d20094d0..548ae5a1e7 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -74,6 +74,7 @@ src/libnm-core-aux-intern/nm-libnm-core-utils.c src/libnm-core-impl/nm-connection.c src/libnm-core-impl/nm-crypto-gnutls.c src/libnm-core-impl/nm-crypto-nss.c +src/libnm-core-impl/nm-crypto-null.c src/libnm-core-impl/nm-crypto.c src/libnm-core-impl/nm-dbus-utils.c src/libnm-core-impl/nm-keyfile-utils.c diff --git a/src/libnm-core-impl/meson.build b/src/libnm-core-impl/meson.build index 2e1f175177..3ee044fe10 100644 --- a/src/libnm-core-impl/meson.build +++ b/src/libnm-core-impl/meson.build 
@@ -24,11 +24,21 @@ if crypto_gnutls_dep.found() ) endif +libnm_crypto_null = static_library( + 'nm-crypto-null', + sources: 'nm-crypto-null.c', + dependencies: [ + libnm_core_public_dep, + ], +) + if crypto == 'nss' libnm_crypto = libnm_crypto_nss -else - assert(crypto == 'gnutls', 'Unexpected setting "crypto=' + crypto + '"') +elif crypto == 'gnutls' libnm_crypto = libnm_crypto_gnutls +else + assert(crypto == 'null', 'Unexpected setting "crypto=' + crypto + '"') + libnm_crypto = libnm_crypto_null endif libnm_core_settings_sources = files( diff --git a/src/libnm-core-impl/nm-crypto-null.c b/src/libnm-core-impl/nm-crypto-null.c new file mode 100644 index 0000000000..2f072257ec --- /dev/null +++ b/src/libnm-core-impl/nm-crypto-null.c 
@@ -0,0 +1,104 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+/*
+ * Christian Eggers <ceggers@arri.de>
+ * Copyright (C) 2020 - 2022 ARRI Lighting
+ */
+
+#include "libnm-glib-aux/nm-default-glib-i18n-lib.h"
+
+#include "nm-crypto-impl.h"
+
+#include "libnm-glib-aux/nm-secret-utils.h"
+#include "nm-errors.h"
+
+/*****************************************************************************/
+
+gboolean
+_nm_crypto_init(GError **error)
+{
+ g_set_error(error,
+ NM_CRYPTO_ERROR,
+ NM_CRYPTO_ERROR_FAILED,
+ _("Compiled without crypto support."));
+ return FALSE;
+}
+
+guint8 *
+_nmtst_crypto_decrypt(NMCryptoCipherType cipher,
+ const guint8 *data,
+ gsize data_len,
+ const guint8 *iv,
+ gsize iv_len,
+ const guint8 *key,
+ gsize key_len,
+ gsize *out_len,
+ GError **error)
+{
+ g_set_error(error,
+ NM_CRYPTO_ERROR,
+ NM_CRYPTO_ERROR_FAILED,
+ _("Compiled without crypto support."));
+ return NULL;
+}
+
+guint8 *
+_nmtst_crypto_encrypt(NMCryptoCipherType cipher,
+ const guint8 *data,
+ gsize data_len,
+ const guint8 *iv,
+ gsize iv_len,
+ const guint8 *key,
+ gsize key_len,
+ gsize *out_len,
+ GError **error)
+{
+ g_set_error(error,
+ NM_CRYPTO_ERROR,
+ NM_CRYPTO_ERROR_FAILED,
+ _("Compiled without crypto support."));
+ return NULL;
+}
+
+gboolean
+_nm_crypto_verify_x509(const guint8 *data, gsize len, GError **error)
+{
+ g_set_error(error,
+ NM_CRYPTO_ERROR,
+ NM_CRYPTO_ERROR_FAILED,
+ _("Compiled without crypto support."));
+ return FALSE;
+}
+
+gboolean
+_nm_crypto_verify_pkcs12(const guint8 *data, gsize data_len, const char *password, GError **error)
+{
+ g_set_error(error,
+ NM_CRYPTO_ERROR,
+ NM_CRYPTO_ERROR_FAILED,
+ _("Compiled without crypto support."));
+ return FALSE;
+}
+
+gboolean
+_nm_crypto_verify_pkcs8(const guint8 *data,
+ gsize data_len,
+ gboolean is_encrypted,
+ const char *password,
+ GError **error)
+{
+ g_set_error(error,
+ NM_CRYPTO_ERROR,
+ NM_CRYPTO_ERROR_FAILED,
+ _("Compiled without crypto support."));
+ return FALSE;
+}
+
+gboolean
+_nm_crypto_randomize(void *buffer, gsize buffer_len, GError **error)
+{
+ g_set_error(error,
+ NM_CRYPTO_ERROR,
+ NM_CRYPTO_ERROR_FAILED,
+ _("Compiled without crypto support."));
+ return FALSE;
+} |
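Review bot: Nothing in nm-crypto-null.c states that the stubs fail closed on purpose, and that is the property a later edit must not break: `_nm_crypto_verify_x509()`, `_nm_crypto_verify_pkcs12()` and `_nm_crypto_verify_pkcs8()` return FALSE, and `_nm_crypto_randomize()` returns FALSE without writing to `buffer`. I would add a file-level comment such as `/* Null backend: every operation fails with NM_CRYPTO_ERROR_FAILED. Verification must never report success and the randomize buffer is left unwritten. */`. Callers are not visible in this diff, so it is worth confirming that none of them carries on with the unfilled buffer after `_nm_crypto_randomize()` fails. The include of `libnm-glib-aux/nm-secret-utils.h` looks unused in this file.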